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Art Unit: 2437 

Remarks 

Claims 24-32, 34, and 36 are pending. 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
10/31/2008 has been entered. 

Response to Arguments 

2. Applicant's arguments filed 10/31/2008 have been fully considered but they are 
not persuasive. 

Applicant argues that "one advantage of the present embodiments is that the 
security rules of items can be determined without using ACL's for each item." It is first 
noted, with respect to ACLs, that neither of the independent claims refer to any ACL, 
and only claim 36 refers to such an access control list. With respect to the advantage 
noted by Applicant, this is not seen within any of the claims. The requirements of claim 
24, for example, are that a first non-overlapping security zone contains items for which 
common security rules are enforced. The means to perform such enforcement are not 
described as being any master ACL or the like for the zone. Additionally, claim 36 only 
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refers to the security rules comprising an ACL defining riglits a principal has to the items 
in the security zone associated with the security rules. The inherited ACL (of Schmuck) 
which defines common security rules for all entities that inherit the ACL fits this 
description. 

Applicant argues that, in the instant application, "once a user has access to a 
security zone, access right lists no longer need to be determined when accessing each 
item within the zone, since the security rules are enforced to be consistent within the 
zone." The claims, however, pertain to delegating administrative rights, and not to how 
a user would access the security zone. It is further noted here, that the application 
discloses a single security right granting a user access to one item while denying the 
user access to another item within the same zone (page 18, paragraph 50, for 
example). Therefore, access rights would have to be verified for every item that the 
user accesses. 

Applicant goes on to state that Schmucl^ "states that there are typically groups of 
related files that all have the same access rights associated with them", but, "nowhere is 
it found that the access rights are enforced as being the same for each related file." As 
just described by Applicant, there are groups of related files that aH have the same 
access rights associated therewith within Schmuck. 

Applicant also argues that Schmuck may allow a user to change an ACL. The 
changing of an ACL in Schmuck would be equivalent to creating a new zone in the 
current application, and therefore, of no detriment. If security rules were meant to be 
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permanent and never changing, tliere would be no difference between tine security rules 
of any zone or item within the system. 

It is further noted, with respect to what a security rule is, that the current 
application refers to administrative rights as being within the realm of security rules. 
This can be see, for example, in paragraph 52 on page 18, stating that "a rule may 
specify a set of principals including all network administrators while excluding a 
particular administrator." Therefore, administrative rights are within the broader security 
rules and may be used in rejection of such. Realizing this, one can easily see that 
Barnett teaches that each zone will have commonly enforced security rules, being the 
administrative rights (delegation, edit, and possibly others, such as view, modify, delete, 
and temporary delegation). 



Claim Objections 

3. Claims 24 and 34 are objected to because of the following informalities: Each of 
claims 24 and 34 recite "the common security rules" in at least the final limitation. 
However, there are 2 instances of "common security rules" within each of the claims. 
As the claims stand, the common security rules mentioned in the final limitation could 
refer to either of the common security rules. For purposes of prior art rejection, "the 
common security rules" of the final limitation have been construed as those being 
associated with the first zone. Appropriate correction is required. 



Claim Rejections - 35 USC § 103 
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The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 24, 25, 27-32, 34, and 36 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Barnett (U.S. Patent 6,772,157) in view of Schmuck (U.S. Patent 
6,021,508). 

Regarding Claim 24, 

Barnett discloses in a computer system that includes items stored 
in at least one volume being divided into at least one security zone, each 
of the at least one security zone being defined as a grouping of items 
having common security rules, each item residing in a security zone from 
among the at least one security zone, each security zone having one or 
more principals with administrative rights, a method of delegating 
administrative rights to other principals for first items included in a main 
security zone included in the at least one security zone, comprising: 

An act of identifying first items for which common security rules are 
to be enforced and other items for which common security rules are to be 
maintained independent from the common security rules of the identified 
first items residing in a main security zone within a volume comprising a 
plurality of security zones (Column 5, lines 4-34; Column 6, lines 13-52; 
and Column 8, lines 8-34); 
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An act of splitting tlie main security zone into a first security zone 
containing tine identified first items for wliich common security rules are to 
be enforced and a remaining main security zone having the other items 
having common security rules that are not dependent upon the common 
security rules of the first security zone, the one or more main principals 
retaining administrative rights for the first security zone and the remaining 
main security zone, the first security zone including the first items and the 
remaining main security zone including only the other items from the main 
security zone not included in the first items (Column 5, lines 4-34; Column 
6, lines 13-52; and Column 8, lines 8-34), and 

An act of specifying that one or more first principals also have 
administrative rights to the first security zone containing the first items, 
such that the entirety of items in the first security zone necessarily have 
the common security rules (Column 5, lines 4-34; Column 6, lines 13-52; 
and Column 8, lines 8-34); 

But may not explicitly disclose that the zones are non-overlapping. 

Schmuck, however, discloses identifying first items for which 
common security rules are to be enforced and other items for which 
common security rules are to be maintained independent from the 
common security rules of the identified first items; a first non-overlapping 
security zone of items having common security rules such that the entirety 
of items in the first non-overlapping security zone necessarily have the 
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common security rules and a remaining non-overlapping main security 
zone having common security rules that are not dependent upon the 
common security rules of the first non-overlapping security zone such that 
the first non-overlapping security zone and the remaining non-overlapping 
main security zone do not overlap with any of the plurality of other non- 
overlapping security zones included in the volume, and that the splitting is 
restricted in such a way as to prevent overlapping between security zones 
and such that none of the first items and other items from the main non- 
overlapping security zone are shared when the main non-overlapping 
security zone is split wherein the security zones thereby have a dynamic 
configurable granularity of items having common security rules (Column 
27, line 10 to Column 28, line 59). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the ACL system of Schmuck into the delegated administration system of 
Barnett in order to provide an access control mechanism that allows the 
same physical storage to be shared and referenced by any item that has 
the same security rules, thereby reducing the memory used by such 
security rules and allowing faster and more efficient access control 
determinations. 
Regarding Claim 25, 

Barnett as modified by Schmuck discloses the method of claim 24, 
in addition, Barnett discloses that specifying the one or more first 
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principals is performed by tine one or more main principals (Column 6, 

lines 13-52). 
Regarding Claim 27, 

Barnett as modified by Schmuck discloses the method of claim 24, 

in addition, Barnett discloses the administrative rights being security rights 

(Column 6, lines 13-52; and Column 8, lines 8-34). 
Regarding Claim 28, 

Barnett as modified by Schmuck discloses the method of claim 24, 

in addition, Barnett discloses the administrative rights being auditing rights 

(Column 6, lines 13-52; and Column 8, lines 8-34). 
Regarding Claim 29, 

Barnett as modified by Schmuck discloses the method of claim 24, 

in addition, Barnett discloses specifying security rules for the first security 

zone after the act of splitting (Column 6, lines 13-52; and Column 8, lines 

8-34); and Schmuck discloses that the zones are non-overlapping 

(Column 27, line 10 to Column 28, line 59). 
Regarding Claim 30, 

Barnett as modified by Schmuck discloses the method of claim 24, 

in addition, Barnett discloses specifying security rules for the first security 

zone by defaulting the security rules that were from the main security zone 

prior to the act of splitting (Column 5, line 35 t6o Column 6, line 65); and 
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Schmuck discloses that tlie zones are non-overlapping (Column 27, line 
10 to Column 28, line 59). 

Regarding Claim 31, 

Barnett as modified by Schmuck discloses the method of claim 24, 
in addition, Barnett discloses recombining the first security zone and the 
remaining main security zone (Column 6, lines 53-65; and Column 12, line 
45 to Column 13, line 8); and Schmuck discloses that the zones are non- 
overlapping (Column 27, line 10 to Column 28, line 59). 

Regarding Claim 32, 

Barnett as modified by Schmuck discloses the method of claim 24, 
in addition, Barnett discloses a subsequent remaining main security zone, 
the subsequent remaining main security zone formed from splitting the 
remaining main security zone, wherein the administrative principals of the 
subsequent remaining main security zone are the administrative principals 
in the main security zone, comprising an act of recombining the first 
security zone and the subsequent remaining main security zone (Column 
6, lines 53-65; and Column 12, line 45 to Column 13, line 8); and Schmuck 
discloses that the zones are non-overlapping (Column 27, line 10 to 
Column 28, line 59). 

Regarding Claim 36, 

Barnett as modified by Schmuck discloses the method of claim 24, 
in addition, Schmuck discloses that the security rules comprise an access 
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control list defining the rights a principal has to the items in the security 
zone associated with the security rules (Column 27, line 10 to Column 28, 
line 59). 

Regarding Claim 34, 

Claim 34 is a computer program product claim that corresponds to 
method claim 36 and is rejected for the same reasons. 



5. Claim 26 is rejected under 35 U.S.C. 103(a) as being unpatentable over Barnett 
in view of Schmuck, further in view of Anglin (U.S. Patent Application Publication 
2004/0199521). 

Barnett as modified by Schmuck discloses the method of claim 24, in 
addition, associating an identical reference with the first items, referring to the 
zone's security rules (Column 27, line 10 to Column 29, line 59); but does not 
explicitly disclose labeling the items with a zone enumeration corresponding to 
the first zone. 

Anglin, however discloses labeling the first items with a security zone 
enumeration corresponding to the first non-overlapping security zone 
(Paragraphs 19, 24, and 25). It would have been obvious to one of ordinary skill 
In the art at the time of applicant's invention to incorporate the group 
management system of Anglin into the delegated administration system of 
Barnett as modified by Schmuck in order to explicitly associate Items with their 
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appropriate zone, as well as to associate a zone entry with all of the items that 
belong to that zone, thereby increasing ease of viewing, management, and use 
of the system. 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Maheshwari (U.S. Patent 7,152,165). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JEFFREY D. POPHAM whose telephone number is 
(571)272-7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571 )272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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